Senior Analyst, Third Party Risk Management (Remote Eligible - Costa Rica)

5 hours, 53 minutes ago
Full-time
Senior
Cybersecurity
Smartsheet

Smartsheet provides an enterprise work management platform that enables teams to efficiently manage projects, automate processes, and enhance collaboration through a user-friendly interface that combines spreadsheet functionality with advanced workflow...

Internet Software & Services
1K-5K
Founded 2005

Description

  • Lead end-to-end third-party risk assessments for new and existing vendors, including tiering, scoping, questionnaire management, and findings documentation.
  • Own ongoing monitoring of vendor risk across the third-party portfolio and track remediation follow-up and risk acceptance decisions.
  • Review vendor security documentation such as SOC 2 reports, penetration test results, ISO certifications, and other control attestations.
  • Translate vendor security findings into clear, actionable risk summaries for stakeholders.
  • Drive process improvement initiatives to scale and mature the TPRM program through better tooling, automation, and workflow design.
  • Collaborate with Legal, Procurement, Privacy, Information Security, and business stakeholders on sourcing and renewal decisions.
  • Use AI tools such as Claude and Microsoft Copilot to improve efficiency while verifying and taking accountability for outputs.
  • Contribute to broader risk activities including reporting, policy review, and program documentation.
  • Support development of TPRM metrics and reporting to provide leadership visibility into third-party risk exposure.
  • Perform other job duties as assigned.

Requirements

  • 5+ years of experience in third-party risk management, vendor risk, GRC, information security, audit, or compliance.
  • Direct experience conducting vendor or third-party risk assessments.
  • Practical knowledge of risk or regulatory frameworks such as NIST, ISO 27001, COSO, COBIT, AICPA SOC/TSP, PCI DSS, or similar.
  • Familiarity with vendor security questionnaire frameworks such as SIG (Shared Assessments) and/or CSA CAIQ.
  • Ability to review and interpret SOC 2 reports, penetration testing summaries, and other vendor security attestations.
  • Experience working in cross-functional environments involving Legal, Procurement, and/or Engineering stakeholders.
  • Strong written and verbal communication skills in English.
  • Ability to translate technical risk findings into clear business language.
  • Effective critical thinking and judgment to assess risk materiality, prioritize demands, and escalate appropriately.
  • Comfort working with and evaluating AI-generated content, with an understanding that outputs must be verified before use in risk decisions.
  • Adaptability to evolving regulatory requirements and interest in staying current on the third-party risk landscape.
  • Experience with vendor risk management platforms such as AuditBoard, Archer, OneTrust, ServiceNow GRC, Vanta, or Coupa (preferred).
  • Background in SaaS, cloud, or technology company environments (preferred).
  • Familiarity with AI-assisted workflows in a GRC or compliance context (preferred).
  • Experience supporting audit processes such as SOC 2, ISO 27001, or BARR (preferred).
  • Relevant certifications such as CISA, CRISC, CTPRP, or equivalent (preferred).
  • Experience with operational risk across multiple business units, legal entities, or jurisdictions (preferred).
  • Must reside in Costa Rica and be eligible for remote work within Costa Rica.

Benefits

  • Remote work within Costa Rica.
  • Teleworking options from any registered location in Costa Rica.
  • Opportunity to work on a high-visibility, cross-functional risk program with meaningful ownership.
  • Inclusive, equal opportunity employer committed to fostering a supportive environment.
  • Support for interview accommodations to ensure a comfortable and positive interview experience.